Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20AuthAction.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20AuthAction.java92
1 files changed, 92 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20AuthAction.java
new file mode 100644
index 000000000..949b06bb2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20AuthAction.java
@@ -0,0 +1,92 @@
+package at.gv.egovernment.moa.id.protocols.oauth20;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.protocols.oauth20.requests.OAuth20AuthRequest;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class OAuth20AuthAction implements IAction {
+
+ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ AuthenticationSession moasession) throws MOAIDException {
+
+ OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
+
+ // OAAuthParameter oaParam =
+ // AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL());
+ // AuthenticationData authData =
+ // AuthenticationServer.buildAuthenticationData(moasession, oaParam,
+ // oAuthRequest.getTarget());
+
+ String responseType = oAuthRequest.getResponseType();
+
+ String code = AuthenticationSessionStoreage.changeSessionID(moasession);
+ Logger.debug("Stored session with id: " + code);
+ if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) {
+ OAuth20SessionObject o = new OAuth20SessionObject();
+ o.setScope(oAuthRequest.getScope());
+ o.setCode(code);
+ moasession.setoAuth20SessionObject(o);
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+ }
+ catch (MOADatabaseException e) {
+ throw new OAuth20ServerErrorException();
+ }
+
+ Logger.debug("Saved OAuth20SessionObject in session with id: " + moasession.getSessionID());
+ } else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {
+ throw new OAuth20ResponseTypeException();
+ }
+
+ // add code and state to redirect url
+ httpResp.setStatus(HttpServletResponse.SC_FOUND);
+ String redirectURI = oAuthRequest.getRedirectUri();
+ String state = oAuthRequest.getState();
+
+ redirectURI = this.addURLParameter(redirectURI, OAuth20Constants.RESPONSE_CODE, code);
+ redirectURI = this.addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, state);
+
+ String finalUrl = redirectURI;
+ httpResp.addHeader("Location", finalUrl);
+ Logger.debug("REDIRECT TO: " + finalUrl.toString());
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls
+ * .IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return true;
+ }
+
+ private String addURLParameter(String url, String name, String value) {
+ String param = name + "=" + value;
+ if (url.indexOf("?") < 0) {
+ return url + "?" + param;
+ } else {
+ return url + "&" + param;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ public String getDefaultActionName() {
+ return OAuth20Protocol.AUTH_ACTION;
+ }
+
+}
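Review bot: `addURLParameter` builds `name + "=" + value` with no URL-encoding, and the value it receives for `state` is taken directly from `oAuthRequest.getState()` before being written to the `Location` header, so a `state` containing `&`, `#` or control characters can alter the redirect's query string. If `getState()` can return null (its validation is not visible in this hunk), the client also receives the literal `state=null`. The rewrite below encodes the value and skips absent parameters. Separately, both `Logger.debug("Stored session with id: " + code)` and `Logger.debug("REDIRECT TO: " + ...)` write the authorization code, which by the log text is also the new session id, into the log; a fixed message without the value would avoid keeping a usable credential there. A `response_type` that is neither `RESPONSE_CODE` nor `RESPONSE_TOKEN` falls through both branches and is still redirected with a code, so a final `else { throw new OAuth20ResponseTypeException(); }` looks intended.

```java
private String addURLParameter(String url, String name, String value) {
    // an absent optional parameter is left out instead of being sent as "null"
    if (value == null) {
        return url;
    }
    String encoded;
    try {
        encoded = java.net.URLEncoder.encode(value, "UTF-8");
    } catch (java.io.UnsupportedEncodingException e) {
        // UTF-8 is required on every JVM, so this cannot happen in practice
        throw new IllegalStateException(e);
    }
    String separator = url.indexOf('?') < 0 ? "?" : "&";
    return url + separator + name + "=" + encoded;
}
```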